{"id":18642,"date":"2017-09-29T05:00:06","date_gmt":"2017-09-29T12:00:06","guid":{"rendered":"http:\/\/www.yardi.com\/blog\/?p=18642"},"modified":"2020-12-24T22:32:33","modified_gmt":"2020-12-25T06:32:33","slug":"trojan-apps","status":"publish","type":"post","link":"https:\/\/www.yardi.com\/blog\/trojan-apps\/","title":{"rendered":"Trojan Apps"},"content":{"rendered":"<p><a href=\"https:\/\/www.yardi.com\/blog\/uncategorized\/trojan-apps\/18642.html\/attachment\/shutterstock_220531183\" rel=\"attachment wp-att-18664\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-18664\" src=\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg\" alt=\"shutterstock_220531183\" width=\"624\" height=\"449\" srcset=\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg 1000w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg?resize=768,552 768w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg?w=400 400w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg?w=500 500w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg?w=600 600w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg?w=720 720w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg?w=800 800w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/a>Google has eliminated 300 apps from its online store after discovering a secret plugin silently installed across several Android devices. The seemingly innocuous apps were all secretly outfitted with the WireX botnet. WireX commandeers vulnerable Android phones and tablets, using the gadgets to kick off a DDoS attack. 
While Google does not yet have an official account of just how many devices currently host the WireX botnet, <strong>Chad Seaman<\/strong>, a senior engineer at\u00a0<strong>Akamai<\/strong>, a cyber security firm, <a href=\"https:\/\/krebsonsecurity.com\/2017\/08\/tech-firms-team-up-to-take-down-wirex-android-ddos-botnet\/\" target=\"_blank\" rel=\"noopener\">estimates<\/a> the number could reach 70,000 or more.<\/p>\n<p>\u201cI know in the cases where we pulled data out of our platform for the people being targeted we saw 130,000 to 160,000 (unique Internet addresses) involved in the attack,\u201d said Seaman.<\/p>\n<p><strong>Silent, but Deadly<\/strong><\/p>\n<p>The initial WireX outbreak occurred on August 17<sup>th<\/sup>, when several Content Delivery Networks (CDNs) reported similar DDoS attacks. A search for the source eventually landed at the doorstep of Google\u2019s Play Store, prompting the tech firm to pull hundreds of affected applications from its store and initiate procedures to remove the malware from infected devices.<\/p>\n<p>\u201cWe identified approximately 300 apps associated with the issue, blocked them from the Play Store, and we\u2019re in the process of removing them from all affected devices,\u201d a Google spokesperson said. \u201cThe researchers\u2019 findings, combined with our own analysis, have enabled us to better protect Android users, everywhere.\u201d<\/p>\n<p>The apps chosen to host the plugin provided genuine services, like ringtones and video players, but included hidden malware designed to commandeer the device for potential DDoS attacks. Once powered on, any infected phone or tablet mainly served as a soldier in a broader DDoS army \u2013 all unbeknownst to the user. While the apps themselves operated as promised, the malware surreptitiously connected to an internet server run by the WireX creators. 
Once online, the WireX hackers used the script to remotely control all the infected devices to launch their DDoS attacks.<\/p>\n<p>\u201c\u2026this botnet makes it so that if you\u2019re driving down the highway and your phone is busy attacking some website, there\u2019s a chance your device could show up in the attack logs with three or four or even five different Internet addresses,\u201d Seaman said in an interview with <a href=\"https:\/\/krebsonsecurity.com\/2017\/08\/tech-firms-team-up-to-take-down-wirex-android-ddos-botnet\/\" target=\"_blank\" rel=\"noopener\">KrebsOnSecurity<\/a>. \u201cWe saw attacks coming from infected devices in over 100 countries. It was coming from everywhere.\u201d<\/p>\n<p><strong>Inter-Corporate Collaboration<\/strong><\/p>\n<p>After Akamai noticed one of the Android-based DDoS attacks, the company began working with researchers from several tech companies, including Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ, and Team Cymru. The collaboration between these occasionally competitive organizations signals a new era in malware management, according to tech security journalist Brian Krebs; one brought about by a similar attack by the <a href=\"https:\/\/krebsonsecurity.com\/2016\/11\/new-mirai-worm-knocks-900k-germans-offline\/\" target=\"_blank\" rel=\"noopener\">Mirai worm<\/a> launched from IoT devices last year.<\/p>\n<p>\u201cExperts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more challenging to defend against and thus require broader industry cooperation to defeat,\u201d Krebs writes on his blog.<\/p>\n<p>\u201cWhen those really large Mirai DDoS botnets started showing up and taking down massive pieces of Internet infrastructure, that caused massive interruptions in service for\u00a0people that normally don\u2019t deal with DDoS attacks,\u201d <strong>Allison Nixon<\/strong>, director of security research at New York City-based security firm\u00a0<a 
href=\"https:\/\/www.flashpoint-intel.com\/\" target=\"_blank\" rel=\"noopener\">Flashpoint<\/a> told Krebs. \u201cIt sparked a lot of collaboration. Different players in the industry started to take notice, and\u00a0a bunch of us realized that we needed to deal with this thing because if we didn\u2019t it would just keep getting bigger and rampaging around.\u201d<\/p>\n<p><strong>Continued Vulnerability<\/strong><\/p>\n<p>The WireX episode is just the latest in a series of security snafus that have plagued Google in recent months. Earlier this month, the company discovered several apps contained hidden surveillance software, and just last week researchers found banking malware hiding among several gaming apps. Because the Android OS relies on an open source platform, experts warn more malicious apps will likely appear. As always, when it comes to the security of your connected devices, the best defense involves awareness of potential vulnerabilities as well as proactive safeguards.<\/p>\n<p>\u201cWith all these apps sneaking into Play, it\u2019s up to you to protect yourself and your Android device,\u201d warns <a href=\"http:\/\/gizmodo.com\/google-removes-300-apps-used-to-launch-ddos-attacks-fro-1798514052\" target=\"_blank\" rel=\"noopener\">Gizmodo\u2019s Kate Conger<\/a>. 
\u201cIf you\u2019re ever in doubt about whether an app is safe, do some research on the developer and check out what permissions the app wants on your phone.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google pulls 300 apps from Play Store after embedded malware triggers DDoS attack.<\/p>\n","protected":false},"author":103,"featured_media":18664,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_s2mail":"yes","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[483,1928,99,47,1014,1914,2132,238,359],"class_list":["post-18642","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-android","tag-cyber-security","tag-data-security","tag-google","tag-internet-of-things","tag-it-security","tag-malware","tag-mobile-apps","tag-online-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.4 (Yoast SEO v24.6) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Yardi Blog<\/title>\n<meta name=\"description\" content=\"Google pulls 300 apps from Play Store after embedded malware triggers DDoS attack.\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Trojan Apps\" \/>\n<meta property=\"og:description\" content=\"Google pulls 300 apps from Play Store after embedded malware triggers DDoS attack.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.yardi.com\/blog\/trojan-apps\/\" \/>\n<meta property=\"og:site_name\" content=\"Yardi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-09-29T12:00:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-25T06:32:33+00:00\" \/>\n<meta property=\"og:image\" 
content=\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"719\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cutright Elizabeth\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cutright Elizabeth\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.yardi.com\/blog\/trojan-apps\/\",\"url\":\"https:\/\/www.yardi.com\/blog\/trojan-apps\/\",\"name\":\"Trojan Apps - Yardi Corporate Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/trojan-apps\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/trojan-apps\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg\",\"datePublished\":\"2017-09-29T12:00:06+00:00\",\"dateModified\":\"2020-12-25T06:32:33+00:00\",\"author\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d\"},\"description\":\"Google pulls 300 apps from Play Store after embedded malware triggers DDoS 
attack.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/trojan-apps\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.yardi.com\/blog\/trojan-apps\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.yardi.com\/blog\/trojan-apps\/#primaryimage\",\"url\":\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg\",\"contentUrl\":\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg\",\"width\":1000,\"height\":719},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.yardi.com\/blog\/trojan-apps\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.yardi.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trojan Apps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.yardi.com\/blog\/#website\",\"url\":\"https:\/\/www.yardi.com\/blog\/\",\"name\":\"Yardi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.yardi.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d\",\"name\":\"Cutright Elizabeth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g\",\"caption\":\"Cutright Elizabeth\"},\"description\":\"Elizabeth Cutright 
is an award-winning writer and editor with over 20 years of experience in journalism, publishing and online content creation. A film school grad with a law degree from the University of San Diego, outside of work Elizabeth can usually be found in the pool, on a hiking trail, or sampling Santa Barbara\u2019s latest vintage.\",\"url\":\"https:\/\/www.yardi.com\/blog\/author\/elizabeth-cutright-2\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Yardi Blog","description":"Google pulls 300 apps from Play Store after embedded malware triggers DDoS attack.","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"Trojan Apps","og_description":"Google pulls 300 apps from Play Store after embedded malware triggers DDoS attack.","og_url":"https:\/\/www.yardi.com\/blog\/trojan-apps\/","og_site_name":"Yardi Blog","article_published_time":"2017-09-29T12:00:06+00:00","article_modified_time":"2020-12-25T06:32:33+00:00","og_image":[{"width":1000,"height":719,"url":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg","type":"image\/jpeg"}],"author":"Cutright Elizabeth","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cutright Elizabeth","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.yardi.com\/blog\/trojan-apps\/","url":"https:\/\/www.yardi.com\/blog\/trojan-apps\/","name":"Trojan Apps - Yardi Corporate Blog","isPartOf":{"@id":"https:\/\/www.yardi.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.yardi.com\/blog\/trojan-apps\/#primaryimage"},"image":{"@id":"https:\/\/www.yardi.com\/blog\/trojan-apps\/#primaryimage"},"thumbnailUrl":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg","datePublished":"2017-09-29T12:00:06+00:00","dateModified":"2020-12-25T06:32:33+00:00","author":{"@id":"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d"},"description":"Google pulls 300 apps from Play Store after embedded malware triggers DDoS attack.","breadcrumb":{"@id":"https:\/\/www.yardi.com\/blog\/trojan-apps\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.yardi.com\/blog\/trojan-apps\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.yardi.com\/blog\/trojan-apps\/#primaryimage","url":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg","contentUrl":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg","width":1000,"height":719},{"@type":"BreadcrumbList","@id":"https:\/\/www.yardi.com\/blog\/trojan-apps\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.yardi.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Trojan Apps"}]},{"@type":"WebSite","@id":"https:\/\/www.yardi.com\/blog\/#website","url":"https:\/\/www.yardi.com\/blog\/","name":"Yardi 
Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.yardi.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d","name":"Cutright Elizabeth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g","caption":"Cutright Elizabeth"},"description":"Elizabeth Cutright is an award-winning writer and editor with over 20 years of experience in journalism, publishing and online content creation. 
A film school grad with a law degree from the University of San Diego, outside of work Elizabeth can usually be found in the pool, on a hiking trail, or sampling Santa Barbara\u2019s latest vintage.","url":"https:\/\/www.yardi.com\/blog\/author\/elizabeth-cutright-2\/"}]}},"jetpack_featured_media_url":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2017\/08\/shutterstock_220531183.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts\/18642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/users\/103"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/comments?post=18642"}],"version-history":[{"count":5,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts\/18642\/revisions"}],"predecessor-version":[{"id":27776,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts\/18642\/revisions\/27776"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/media\/18664"}],"wp:attachment":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/media?parent=18642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/categories?post=18642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/tags?post=18642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}